kerberos.dll
Description: Kerberos Security Package
Authors: © Microsoft Corporation. All rights reserved.
Version: 10.0.19041.6328
Architecture: 64-bit
Operating System: Windows NT
SHA256: 237b9a0be5d17284d7de6354219dc7f3
File Size: 1.0 MB
Uploaded At: Dec. 1, 2025, 7:31 a.m.
Views: 6
Security Warning
This file has been flagged as potentially dangerous.
Reason: Detected potentially dangerous functions used for process injection: OpenProcess
Exported Functions
- SpInitialize (Ordinal: 1, Address: 0x25790)
- KerbDomainChangeCallback (Ordinal: 2, Address: 0x50a50)
- SpLsaModeInitialize (Ordinal: 3, Address: 0x234f0)
- SpUserModeInitialize (Ordinal: 4, Address: 0x2acc0)
- DllMain (Ordinal: 5, Address: 0x2f2c0)
- KerbCreateTokenFromTicketForKdc (Ordinal: 6, Address: 0x61f00)
- KerbIsInitialized (Ordinal: 7, Address: 0x530a0)
- KerbKdcCallBack (Ordinal: 8, Address: 0x530b0)
- KerbMakeKdcCall (Ordinal: 9, Address: 0x6a6b0)
- Kerberos (Ordinal: 10, Address: 0x130f0)
- SpInstanceInit (Ordinal: 32, Address: 0x2ae30)
Imported DLLs & Functions
api-ms-win-core-apiquery-l1-1-0.dll
- ApiSetQueryApiSetPresence (Address: 0x1800e4440)
api-ms-win-core-debug-l1-1-0.dll
- DebugBreak (Address: 0x1800e4460)
- IsDebuggerPresent (Address: 0x1800e4450)
- OutputDebugStringA (Address: 0x1800e4458)
- OutputDebugStringW (Address: 0x1800e4468)
api-ms-win-core-errorhandling-l1-1-0.dll
- GetLastError (Address: 0x1800e4488)
- RaiseException (Address: 0x1800e4478)
- SetLastError (Address: 0x1800e4480)
- SetUnhandledExceptionFilter (Address: 0x1800e4490)
- UnhandledExceptionFilter (Address: 0x1800e4498)
api-ms-win-core-file-l1-1-0.dll
- CreateDirectoryW (Address: 0x1800e44a8)
- FileTimeToLocalFileTime (Address: 0x1800e44b0)
api-ms-win-core-file-l2-1-0.dll
- MoveFileExW (Address: 0x1800e44c0)
api-ms-win-core-handle-l1-1-0.dll
- CloseHandle (Address: 0x1800e44d0)
api-ms-win-core-heap-l1-1-0.dll
- GetProcessHeap (Address: 0x1800e44e0)
- HeapAlloc (Address: 0x1800e44f0)
- HeapFree (Address: 0x1800e44e8)
api-ms-win-core-heap-l2-1-0.dll
- GlobalFree (Address: 0x1800e4508)
- LocalAlloc (Address: 0x1800e4510)
- LocalFree (Address: 0x1800e4500)
api-ms-win-core-interlocked-l1-1-0.dll
- InitializeSListHead (Address: 0x1800e4520)
api-ms-win-core-libraryloader-l1-2-0.dll
- DisableThreadLibraryCalls (Address: 0x1800e4548)
- FreeLibrary (Address: 0x1800e4530)
- GetModuleFileNameA (Address: 0x1800e4540)
- GetModuleFileNameW (Address: 0x1800e4550)
- GetModuleHandleExW (Address: 0x1800e4538)
- GetModuleHandleW (Address: 0x1800e4558)
- GetProcAddress (Address: 0x1800e4568)
- LoadLibraryExA (Address: 0x1800e4560)
api-ms-win-core-localization-l1-2-0.dll
- FormatMessageW (Address: 0x1800e4580)
- GetACP (Address: 0x1800e4578)
api-ms-win-core-memory-l1-1-0.dll
- CreateFileMappingW (Address: 0x1800e45b0)
- MapViewOfFileEx (Address: 0x1800e45a0)
- OpenFileMappingW (Address: 0x1800e4598)
- UnmapViewOfFile (Address: 0x1800e45c0)
- VirtualAlloc (Address: 0x1800e45b8)
- VirtualProtect (Address: 0x1800e4590)
- VirtualQuery (Address: 0x1800e45a8)
api-ms-win-core-processenvironment-l1-1-0.dll
- ExpandEnvironmentStringsW (Address: 0x1800e45e0)
- GetCurrentDirectoryW (Address: 0x1800e45d8)
- GetEnvironmentVariableW (Address: 0x1800e45d0)
- SetCurrentDirectoryW (Address: 0x1800e45e8)
api-ms-win-core-processthreads-l1-1-0.dll
- GetCurrentProcess (Address: 0x1800e4608)
- GetCurrentProcessId (Address: 0x1800e4600)
- GetCurrentThreadId (Address: 0x1800e4620)
- SetThreadStackGuarantee (Address: 0x1800e4610)
- SetThreadToken (Address: 0x1800e4618)
- TerminateProcess (Address: 0x1800e45f8)
api-ms-win-core-processthreads-l1-1-1.dll
- IsProcessorFeaturePresent (Address: 0x1800e4630)
- OpenProcess (Address: 0x1800e4638)
api-ms-win-core-profile-l1-1-0.dll
- QueryPerformanceCounter (Address: 0x1800e4648)
api-ms-win-core-psapi-l1-1-0.dll
- QueryFullProcessImageNameW (Address: 0x1800e4658)
api-ms-win-core-registry-l1-1-0.dll
- RegCloseKey (Address: 0x1800e4698)
- RegCreateKeyExW (Address: 0x1800e4690)
- RegEnumKeyExW (Address: 0x1800e4678)
- RegEnumValueW (Address: 0x1800e4670)
- RegNotifyChangeKeyValue (Address: 0x1800e4668)
- RegOpenKeyExW (Address: 0x1800e4680)
- RegQueryInfoKeyW (Address: 0x1800e46a8)
- RegQueryValueExW (Address: 0x1800e46a0)
- RegSetValueExW (Address: 0x1800e4688)
api-ms-win-core-rtlsupport-l1-1-0.dll
- RtlCaptureContext (Address: 0x1800e46d0)
- RtlCompareMemory (Address: 0x1800e46c0)
- RtlLookupFunctionEntry (Address: 0x1800e46b8)
- RtlVirtualUnwind (Address: 0x1800e46c8)
api-ms-win-core-string-l1-1-0.dll
- MultiByteToWideChar (Address: 0x1800e46e0)
- WideCharToMultiByte (Address: 0x1800e46e8)
api-ms-win-core-string-obsolete-l1-1-0.dll
- lstrcmpiA (Address: 0x1800e4700)
- lstrcmpW (Address: 0x1800e4710)
- lstrlenA (Address: 0x1800e46f8)
- lstrlenW (Address: 0x1800e4708)
api-ms-win-core-synch-l1-1-0.dll
- AcquireSRWLockExclusive (Address: 0x1800e4738)
- AcquireSRWLockShared (Address: 0x1800e4748)
- CreateEventW (Address: 0x1800e47b0)
- CreateMutexExW (Address: 0x1800e4788)
- CreateSemaphoreExW (Address: 0x1800e4798)
- DeleteCriticalSection (Address: 0x1800e4778)
- EnterCriticalSection (Address: 0x1800e4770)
- InitializeCriticalSection (Address: 0x1800e47b8)
- InitializeCriticalSectionEx (Address: 0x1800e4780)
- InitializeSRWLock (Address: 0x1800e47c0)
- LeaveCriticalSection (Address: 0x1800e4768)
- OpenEventW (Address: 0x1800e47a8)
- OpenSemaphoreW (Address: 0x1800e4760)
- ReleaseMutex (Address: 0x1800e4790)
- ReleaseSemaphore (Address: 0x1800e4758)
- ReleaseSRWLockExclusive (Address: 0x1800e4740)
- ReleaseSRWLockShared (Address: 0x1800e4750)
- ResetEvent (Address: 0x1800e4720)
- SetEvent (Address: 0x1800e4728)
- TryAcquireSRWLockExclusive (Address: 0x1800e47c8)
- WaitForSingleObject (Address: 0x1800e4730)
- WaitForSingleObjectEx (Address: 0x1800e47a0)
api-ms-win-core-synch-l1-2-0.dll
- InitOnceExecuteOnce (Address: 0x1800e47e0)
- Sleep (Address: 0x1800e47d8)
api-ms-win-core-sysinfo-l1-1-0.dll
- GetComputerNameExW (Address: 0x1800e4818)
- GetSystemInfo (Address: 0x1800e4810)
- GetSystemTimeAsFileTime (Address: 0x1800e4808)
- GetTickCount (Address: 0x1800e47f8)
- GetVersionExW (Address: 0x1800e47f0)
- GetWindowsDirectoryW (Address: 0x1800e4800)
api-ms-win-core-threadpool-l1-2-0.dll
- CloseThreadpoolTimer (Address: 0x1800e4838)
- CreateThreadpoolTimer (Address: 0x1800e4828)
- SetThreadpoolTimer (Address: 0x1800e4840)
- WaitForThreadpoolTimerCallbacks (Address: 0x1800e4830)
api-ms-win-core-threadpool-legacy-l1-1-0.dll
- ChangeTimerQueueTimer (Address: 0x1800e4868)
- CreateTimerQueueTimer (Address: 0x1800e4870)
- DeleteTimerQueueTimer (Address: 0x1800e4850)
- QueueUserWorkItem (Address: 0x1800e4858)
- UnregisterWaitEx (Address: 0x1800e4860)
api-ms-win-core-threadpool-private-l1-1-0.dll
- RegisterWaitForSingleObjectEx (Address: 0x1800e4880)
api-ms-win-core-timezone-l1-1-0.dll
- FileTimeToSystemTime (Address: 0x1800e4890)
api-ms-win-core-version-l1-1-0.dll
- GetFileVersionInfoExW (Address: 0x1800e48b0)
- GetFileVersionInfoSizeExW (Address: 0x1800e48a0)
- VerQueryValueW (Address: 0x1800e48a8)
api-ms-win-crt-math-l1-1-0.dll
- ceilf (Address: 0x1800e48c0)
api-ms-win-crt-private-l1-1-0.dll
- __C_specific_handler (Address: 0x1800e49a0)
- __CxxFrameHandler3 (Address: 0x1800e4a48)
- __CxxFrameHandler4 (Address: 0x1800e4a28)
- __std_terminate (Address: 0x1800e4a20)
- _CxxThrowException (Address: 0x1800e4a40)
- _o___std_exception_copy (Address: 0x1800e4a18)
- _o___std_exception_destroy (Address: 0x1800e4a10)
- _o___std_type_info_destroy_list (Address: 0x1800e4a08)
- _o___stdio_common_vsnprintf_s (Address: 0x1800e4a00)
- _o___stdio_common_vsnwprintf_s (Address: 0x1800e49f8)
- _o___stdio_common_vsprintf_s (Address: 0x1800e49f0)
- _o___stdio_common_vsscanf (Address: 0x1800e49e8)
- _o___stdio_common_vswprintf (Address: 0x1800e49e0)
- _o___stdio_common_vswprintf_s (Address: 0x1800e49d8)
- _o__callnewh (Address: 0x1800e49d0)
- _o__cexit (Address: 0x1800e49c8)
- _o__configure_narrow_argv (Address: 0x1800e49c0)
- _o__crt_atexit (Address: 0x1800e49b8)
- _o__errno (Address: 0x1800e49b0)
- _o__execute_onexit_table (Address: 0x1800e49a8)
- _o__initialize_narrow_environment (Address: 0x1800e48d0)
- _o__initialize_onexit_table (Address: 0x1800e48d8)
- _o__invalid_parameter_noinfo (Address: 0x1800e48e0)
- _o__invalid_parameter_noinfo_noreturn (Address: 0x1800e48e8)
- _o__purecall (Address: 0x1800e48f0)
- _o__register_onexit_function (Address: 0x1800e48f8)
- _o__seh_filter_dll (Address: 0x1800e4900)
- _o__stricmp (Address: 0x1800e4908)
- _o__ultow (Address: 0x1800e4910)
- _o__wcsicmp (Address: 0x1800e4918)
- _o__wcsnicmp (Address: 0x1800e4920)
- _o__wsplitpath_s (Address: 0x1800e4930)
- _o_free (Address: 0x1800e4938)
- _o_malloc (Address: 0x1800e4940)
- _o_qsort (Address: 0x1800e4948)
- _o_strcpy_s (Address: 0x1800e4950)
- _o_toupper (Address: 0x1800e4958)
- _o_towlower (Address: 0x1800e4960)
- _o_wcscat_s (Address: 0x1800e4968)
- _o_wcscpy_s (Address: 0x1800e4970)
- _o_wcsncpy_s (Address: 0x1800e4978)
- _o_wcstok (Address: 0x1800e4980)
- _o_wcstok_s (Address: 0x1800e4988)
- _o_wcstol (Address: 0x1800e4990)
- _o_wcstoul (Address: 0x1800e4998)
- memcmp (Address: 0x1800e4a30)
- memcpy (Address: 0x1800e4a38)
- memmove (Address: 0x1800e4928)
- wcschr (Address: 0x1800e4a58)
- wcsrchr (Address: 0x1800e4a50)
api-ms-win-crt-runtime-l1-1-0.dll
- _initterm (Address: 0x1800e4a70)
- _initterm_e (Address: 0x1800e4a68)
api-ms-win-crt-string-l1-1-0.dll
- memset (Address: 0x1800e4a80)
- strcmp (Address: 0x1800e4a88)
- wcscmp (Address: 0x1800e4a90)
- wcsncmp (Address: 0x1800e4a98)
api-ms-win-eventing-classicprovider-l1-1-0.dll
- GetTraceEnableFlags (Address: 0x1800e4aa8)
- GetTraceEnableLevel (Address: 0x1800e4ab8)
- GetTraceLoggerHandle (Address: 0x1800e4ab0)
- RegisterTraceGuidsW (Address: 0x1800e4ad0)
- TraceMessage (Address: 0x1800e4ac0)
- UnregisterTraceGuids (Address: 0x1800e4ac8)
api-ms-win-eventing-controller-l1-1-0.dll
- ControlTraceW (Address: 0x1800e4af0)
- EnableTraceEx2 (Address: 0x1800e4ae0)
- StartTraceW (Address: 0x1800e4ae8)
api-ms-win-eventing-provider-l1-1-0.dll
- EventProviderEnabled (Address: 0x1800e4b10)
- EventRegister (Address: 0x1800e4b18)
- EventSetInformation (Address: 0x1800e4b00)
- EventUnregister (Address: 0x1800e4b20)
- EventWriteTransfer (Address: 0x1800e4b08)
api-ms-win-security-activedirectoryclient-l1-1-0.dll
- DsBindWithSpnExW (Address: 0x1800e4b40)
- DsCrackNamesW (Address: 0x1800e4b48)
- DsFreeNameResultW (Address: 0x1800e4b38)
- DsUnBindW (Address: 0x1800e4b30)
api-ms-win-security-base-l1-1-0.dll
- AdjustTokenPrivileges (Address: 0x1800e4b78)
- AllocateAndInitializeSid (Address: 0x1800e4b90)
- CheckTokenMembership (Address: 0x1800e4b60)
- EqualSid (Address: 0x1800e4b68)
- FreeSid (Address: 0x1800e4b70)
- GetTokenInformation (Address: 0x1800e4b80)
- IsTokenRestricted (Address: 0x1800e4b88)
- RevertToSelf (Address: 0x1800e4b58)
api-ms-win-service-private-l1-1-0.dll
- I_QueryTagInformation (Address: 0x1800e4ba0)
MSASN1.dll
- ASN1_CloseDecoder (Address: 0x1800e42a0)
- ASN1_CloseEncoder (Address: 0x1800e42b0)
- ASN1_CreateDecoder (Address: 0x1800e4420)
- ASN1_CreateEncoder (Address: 0x1800e4410)
- ASN1_CreateModule (Address: 0x1800e42f8)
- ASN1_Decode (Address: 0x1800e4430)
- ASN1_Encode (Address: 0x1800e42b8)
- ASN1_FreeDecoded (Address: 0x1800e42c8)
- ASN1_FreeEncoded (Address: 0x1800e42d8)
- ASN1BERDecBitString (Address: 0x1800e4328)
- ASN1BERDecBool (Address: 0x1800e43a0)
- ASN1BERDecCharString (Address: 0x1800e42f0)
- ASN1BERDecEndOfContents (Address: 0x1800e43a8)
- ASN1BERDecExplicitTag (Address: 0x1800e43e8)
- ASN1BERDecGeneralizedTime (Address: 0x1800e43d8)
- ASN1BERDecNotEndOfContents (Address: 0x1800e43b8)
- ASN1BERDecObjectIdentifier (Address: 0x1800e4320)
- ASN1BERDecOctetString (Address: 0x1800e43c0)
- ASN1BERDecOpenType2 (Address: 0x1800e4408)
- ASN1BERDecPeekTag (Address: 0x1800e43d0)
- ASN1BERDecS32Val (Address: 0x1800e4340)
- ASN1BERDecSkip (Address: 0x1800e4368)
- ASN1BERDecSXVal (Address: 0x1800e4400)
- ASN1BERDecU32Val (Address: 0x1800e4300)
- ASN1BERDecZeroCharString (Address: 0x1800e4310)
- ASN1BEREncBool (Address: 0x1800e4370)
- ASN1BEREncEndOfContents (Address: 0x1800e4378)
- ASN1BEREncExplicitTag (Address: 0x1800e43b0)
- ASN1BEREncObjectIdentifier (Address: 0x1800e4318)
- ASN1BEREncOpenType (Address: 0x1800e4348)
- ASN1BEREncS32 (Address: 0x1800e4388)
- ASN1BEREncSX (Address: 0x1800e4350)
- ASN1BEREncU32 (Address: 0x1800e43c8)
- ASN1bitstring_free (Address: 0x1800e42e8)
- ASN1charstring_free (Address: 0x1800e4330)
- ASN1DecAlloc (Address: 0x1800e4358)
- ASN1DecSetError (Address: 0x1800e43f0)
- ASN1DEREncBitString (Address: 0x1800e4308)
- ASN1DEREncCharString (Address: 0x1800e4380)
- ASN1DEREncGeneralizedTime (Address: 0x1800e43e0)
- ASN1DEREncOctetString (Address: 0x1800e4338)
- ASN1EncSetError (Address: 0x1800e4390)
- ASN1Free (Address: 0x1800e4360)
- ASN1intx_free (Address: 0x1800e4418)
- ASN1intx_setuint32 (Address: 0x1800e4428)
- ASN1intx2int32 (Address: 0x1800e42a8)
- ASN1intx2uint32 (Address: 0x1800e42d0)
- ASN1intxisuint32 (Address: 0x1800e42c0)
- ASN1objectidentifier_free (Address: 0x1800e4398)
- ASN1octetstring_free (Address: 0x1800e43f8)
- ASN1ztcharstring_free (Address: 0x1800e42e0)
msvcp_win.dll
- ?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA_N_N@Z (Address: 0x1800e4ca0)
- ?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ (Address: 0x1800e4c00)
- ?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ (Address: 0x1800e4c30)
- ?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ (Address: 0x1800e4bf8)
- ?_Xbad_alloc@std@@YAXXZ (Address: 0x1800e4cb8)
- ?_Xlength_error@std@@YAXPEBD@Z (Address: 0x1800e4cc0)
- ?_Xout_of_range@std@@YAXPEBD@Z (Address: 0x1800e4cb0)
- ??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ (Address: 0x1800e4c78)
- ??0?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z (Address: 0x1800e4c28)
- ??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ (Address: 0x1800e4c88)
- ??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ (Address: 0x1800e4c20)
- ??1?$basic_istream@GU?$char_traits@G@std@@@std@@UEAA@XZ (Address: 0x1800e4bb8)
- ??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ (Address: 0x1800e4c08)
- ??Bios_base@std@@QEBA_NXZ (Address: 0x1800e4bb0)
- ?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ (Address: 0x1800e4c70)
- ?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ (Address: 0x1800e4c58)
- ?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ (Address: 0x1800e4c40)
- ?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z (Address: 0x1800e4c50)
- ?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ (Address: 0x1800e4c68)
- ?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z (Address: 0x1800e4bc0)
- ?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ (Address: 0x1800e4c60)
- ?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ (Address: 0x1800e4c10)
- ?sbumpc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ (Address: 0x1800e4c98)
- ?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z (Address: 0x1800e4bd0)
- ?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z (Address: 0x1800e4c48)
- ?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG0@Z (Address: 0x1800e4c80)
- ?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z (Address: 0x1800e4c38)
- ?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z (Address: 0x1800e4c18)
- ?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ (Address: 0x1800e4c90)
- ?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ (Address: 0x1800e4bf0)
- ?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ (Address: 0x1800e4ca8)
- ?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ (Address: 0x1800e4bc8)
- ?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ (Address: 0x1800e4be8)
- ?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z (Address: 0x1800e4be0)
- ?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z (Address: 0x1800e4bd8)
ntdll.dll
- EtwEventActivityIdControl (Address: 0x1800e4f68)
- EtwEventRegister (Address: 0x1800e4fd0)
- EtwEventUnregister (Address: 0x1800e4fc0)
- EtwEventWriteTransfer (Address: 0x1800e4f60)
- EtwGetTraceLoggerHandle (Address: 0x1800e4d58)
- EtwLogTraceEvent (Address: 0x1800e4d80)
- EtwRegisterTraceGuidsW (Address: 0x1800e4d60)
- EtwTraceMessage (Address: 0x1800e4e98)
- EtwUnregisterTraceGuids (Address: 0x1800e4d38)
- NtAllocateLocallyUniqueId (Address: 0x1800e4e88)
- NtClose (Address: 0x1800e4e58)
- NtCreateEvent (Address: 0x1800e4e78)
- NtDuplicateObject (Address: 0x1800e4fa8)
- NtDuplicateToken (Address: 0x1800e4f70)
- NtOpenEvent (Address: 0x1800e4e70)
- NtOpenProcess (Address: 0x1800e4da0)
- NtOpenProcessToken (Address: 0x1800e4f48)
- NtOpenThreadToken (Address: 0x1800e4f58)
- NtQueryInformationToken (Address: 0x1800e4fa0)
- NtQuerySystemInformation (Address: 0x1800e4fb8)
- NtQuerySystemTime (Address: 0x1800e4e10)
- NtSetEvent (Address: 0x1800e4d30)
- NtSetInformationThread (Address: 0x1800e4e00)
- NtSetSecurityObject (Address: 0x1800e4f20)
- NtWaitForSingleObject (Address: 0x1800e4e68)
- RtlAcquireResourceExclusive (Address: 0x1800e4f00)
- RtlAcquireResourceShared (Address: 0x1800e4ee8)
- RtlAddAccessAllowedAce (Address: 0x1800e4f38)
- RtlAllocateAndInitializeSid (Address: 0x1800e4f50)
- RtlAllocateHeap (Address: 0x1800e4d48)
- RtlAnsiStringToUnicodeString (Address: 0x1800e4d78)
- RtlAppendUnicodeStringToString (Address: 0x1800e4db8)
- RtlAvlInsertNodeEx (Address: 0x1800e4da8)
- RtlAvlRemoveNode (Address: 0x1800e4db0)
- RtlCompareUnicodeString (Address: 0x1800e4de0)
- RtlConvertSharedToExclusive (Address: 0x1800e4ed8)
- RtlCopyLuid (Address: 0x1800e4d98)
- RtlCopySid (Address: 0x1800e4f78)
- RtlCopyUnicodeString (Address: 0x1800e4d90)
- RtlCreateAcl (Address: 0x1800e4f40)
- RtlCreateSecurityDescriptor (Address: 0x1800e4f30)
- RtlCreateTimer (Address: 0x1800e4f10)
- RtlCreateTimerQueue (Address: 0x1800e4f18)
- RtlDeleteCriticalSection (Address: 0x1800e4fd8)
- RtlDeleteElementGenericTable (Address: 0x1800e4cd0)
- RtlDeleteElementGenericTableAvl (Address: 0x1800e4ed0)
- RtlDeleteResource (Address: 0x1800e4eb0)
- RtlDeleteTimerQueue (Address: 0x1800e4f08)
- RtlDeleteTimerQueueEx (Address: 0x1800e4ce8)
- RtlDeregisterWait (Address: 0x1800e4e60)
- RtlDowncaseUnicodeString (Address: 0x1800e4e18)
- RtlDuplicateUnicodeString (Address: 0x1800e4d68)
- RtlEnterCriticalSection (Address: 0x1800e4ff0)
- RtlEnumerateGenericTableAvl (Address: 0x1800e4eb8)
- RtlEqualComputerName (Address: 0x1800e4d50)
- RtlEqualDomainName (Address: 0x1800e4ec0)
- RtlEqualSid (Address: 0x1800e4f80)
- RtlEqualUnicodeString (Address: 0x1800e4e28)
- RtlEraseUnicodeString (Address: 0x1800e4d70)
- RtlFreeAnsiString (Address: 0x1800e4dc8)
- RtlFreeHeap (Address: 0x1800e4d40)
- RtlFreeSid (Address: 0x1800e4fb0)
- RtlFreeUnicodeString (Address: 0x1800e4ec8)
- RtlGetElementGenericTable (Address: 0x1800e4ce0)
- RtlImageNtHeader (Address: 0x1800e4cf0)
- RtlInitAnsiString (Address: 0x1800e4dd8)
- RtlInitializeCriticalSection (Address: 0x1800e4fe0)
- RtlInitializeGenericTable (Address: 0x1800e4de8)
- RtlInitializeGenericTableAvl (Address: 0x1800e4ea0)
- RtlInitializeResource (Address: 0x1800e4ea8)
- RtlInitializeSid (Address: 0x1800e4f98)
- RtlInitUnicodeString (Address: 0x1800e4e80)
- RtlInitUnicodeStringEx (Address: 0x1800e4dc0)
- RtlInsertElementGenericTable (Address: 0x1800e4cd8)
- RtlInsertElementGenericTableAvl (Address: 0x1800e4ef8)
- RtlIntegerToUnicodeString (Address: 0x1800e4df0)
- RtlIpv4AddressToStringExW (Address: 0x1800e4e38)
- RtlIpv4StringToAddressExW (Address: 0x1800e4e50)
- RtlIpv6AddressToStringExW (Address: 0x1800e4e30)
- RtlIpv6StringToAddressExW (Address: 0x1800e4e48)
- RtlLeaveCriticalSection (Address: 0x1800e4fe8)
- RtlLengthRequiredSid (Address: 0x1800e4d00)
- RtlLengthSid (Address: 0x1800e4f88)
- RtlLookupElementGenericTableAvl (Address: 0x1800e4ee0)
- RtlNtStatusToDosError (Address: 0x1800e4d28)
- RtlPrefixUnicodeString (Address: 0x1800e4df8)
- RtlRegisterWait (Address: 0x1800e4e40)
- RtlReleaseResource (Address: 0x1800e4ef0)
- RtlRunDecodeUnicodeString (Address: 0x1800e4d88)
- RtlSetDaclSecurityDescriptor (Address: 0x1800e4f28)
- RtlSubAuthorityCountSid (Address: 0x1800e4d08)
- RtlSubAuthoritySid (Address: 0x1800e4f90)
- RtlSystemTimeToLocalTime (Address: 0x1800e4e20)
- RtlTimeFieldsToTime (Address: 0x1800e4d18)
- RtlTimeToTimeFields (Address: 0x1800e4d10)
- RtlUnicodeStringToAnsiString (Address: 0x1800e4dd0)
- RtlUniform (Address: 0x1800e4fc8)
- RtlUpcaseUnicodeString (Address: 0x1800e4e08)
- RtlValidateUnicodeString (Address: 0x1800e4ff8)
- RtlValidSid (Address: 0x1800e4d20)
- WinSqmIncrementDWORD (Address: 0x1800e4e90)
- WinSqmSetDWORD (Address: 0x1800e4cf8)